Over the same period, Wi-Fi hotspots have sprung up in public spaces. From coffee shops, restaurants, shopping malls, hotels and exhibition halls, to trains, airports and even airplanes, they are everywhere.

A personal firewall uses Stateful Packet Inspection technology to detect anomalous data packets and shield the device from malicious attacks. It also restricts network communication at public Wi-Fi access points so that only VPN traffic is permitted.

Together, they form the minimum level of protection for an organization whose employees will be regularly using public Wi-Fi hotspots to carry out work-related tasks.

Answer the Secure or Insecure Question

An important second step is to optimize the user experience.

The best personal firewalls should automatically be able to tell the difference between a safe network such as the office, data center or secure home Wi-Fi and an unsecured public network that needs VPN connectivity (Friendly Net Detection).

It also helps the organization avoid relying on non-IT staff to switch settings manually every time they are in a public place. Conversely, staff should not have to put up with VPN latency when they are working in a perfectly secure environment.

Instead, rules and policies governing appropriate security for each type of network are determined by the IT department.

Turn Public Logons into Private Ones

A public Wi-Fi network typically asks the user to open a browser window, fill out a form and agree to the provider’s terms and conditions.

Properly configured personal firewalls can detect an unsecured network and automatically open a restricted browser window that establishes a VPN connection before any interlopers can intervene.

If the hotspot requires the user to log on via a browser, the client firewall restricts user access to a single specific browser. It establishes a VPN connection and blocks all other network traffic.

Perform Security Checks

The underlying security of the mobile client operating system should be checked and scanned for viruses before network access is permitted.

If the scan finds anything unusual, the client will restrict VPN access. If, for example, the anti-virus needs updating, the client should first establish a secure connection with the anti-virus update server to download the update before proceeding with anything else.

In the event of malware or some other threat being detected, the mobile client immediately disables the VPN connection, thereby stopping the infection from spreading from the device to other parts of the corporate network.

Clear Any Obstacles to Native VPN

Some Wi-Fi hotspots try to block the ports used by native VPN protocols such as IPSec and L2TP in an attempt to force browsers onto the public network.

This can be corrected by using a VPN that detects this and automatically switches to HTTPS emulation in order to set up an encrypted tunnel to the corporate network.

It basically implements the organization’s security policy by automatically establishing an encrypted end-to-end IPSec tunnel. No end user involvement is required.
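The four policies above interact, so their order of precedence matters. The sketch below is an added example, not code from any VPN product: it models how a client firewall could decide, per outbound flow, what may leave the device. All class, process and destination names are hypothetical, and treating a malware finding as a full block on every network is an assumption of the example.

```python
from dataclasses import dataclass

# Well-known control ports: IKE 500/udp, IPsec NAT-T 4500/udp, L2TP 1701/udp.
NATIVE_VPN = {("udp", 500), ("udp", 4500), ("udp", 1701)}
HTTPS = ("tcp", 443)

@dataclass(frozen=True)
class Context:
    friendly_net: bool        # Friendly Net Detection verdict
    portal_pending: bool      # hotspot still requires a browser logon
    posture: str              # "ok" | "av_outdated" | "malware"
    native_vpn_blocked: bool  # hotspot drops the IPsec/L2TP ports

@dataclass(frozen=True)
class Flow:
    process: str  # hypothetical labels: "vpn-client", "restricted-browser", other apps
    proto: str
    port: int
    dest: str     # hypothetical labels: "vpn-gateway", "av-update", "portal", "other"

def tunnel_mode(ctx):
    """Tunnel the client may bring up right now, or None."""
    if ctx.posture != "ok" or ctx.friendly_net or ctx.portal_pending:
        return None
    return "https-emulation" if ctx.native_vpn_blocked else "ipsec"

def permit(ctx, flow):
    """Decide whether the personal firewall lets one outbound flow leave."""
    if ctx.posture == "malware":
        return False  # assumption: quarantine wins on every network
    if ctx.friendly_net:
        return True   # trusted network: no VPN-only restriction
    if ctx.portal_pending:
        # Only the restricted browser may talk, and only to the logon portal.
        return flow.process == "restricted-browser" and flow.dest == "portal"
    wire = (flow.proto, flow.port)
    if ctx.posture == "av_outdated":
        # Assumption: the signature update is fetched over HTTPS before any tunnel.
        return flow.dest == "av-update" and wire == HTTPS
    if flow.process != "vpn-client" or flow.dest != "vpn-gateway":
        return False  # everything else has to ride inside the tunnel
    return wire in NATIVE_VPN if tunnel_mode(ctx) == "ipsec" else wire == HTTPS
```
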

In summary, it’s only natural that organizations should want their employees to be able to make the most of the flexibility and efficiency mobile technology gives them to carry on working while in public spaces.

At the same time, it’s important they fully understand the risks of public Wi-Fi networks before they try using them to connect to the corporate network.

They should know to check the network name and access steps before logging in to a hotspot and make sure their personal firewall is actively preventing hotspot access over anything other than a VPN connection.

Above all, their VPN client software should make logging in to a hotspot easy and secure, provide robust endpoint protection, and automatically switch to HTTPS emulation if the hotspot tries to block native VPN protocols.